xref: /linux/drivers/usb/gadget/udc/bdc/bdc_ep.c (revision bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * bdc_ep.c - BRCM BDC USB3.0 device controller endpoint related functions
4  *
5  * Copyright (C) 2014 Broadcom Corporation
6  *
7  * Author: Ashwini Pahuja
8  *
9  * Based on drivers under drivers/usb/
10  */
11 #include <linux/module.h>
12 #include <linux/pci.h>
13 #include <linux/dma-mapping.h>
14 #include <linux/kernel.h>
15 #include <linux/delay.h>
16 #include <linux/dmapool.h>
17 #include <linux/ioport.h>
18 #include <linux/sched.h>
19 #include <linux/slab.h>
20 #include <linux/errno.h>
21 #include <linux/init.h>
22 #include <linux/timer.h>
23 #include <linux/list.h>
24 #include <linux/interrupt.h>
25 #include <linux/moduleparam.h>
26 #include <linux/device.h>
27 #include <linux/usb/ch9.h>
28 #include <linux/usb/gadget.h>
29 #include <linux/usb/otg.h>
30 #include <linux/pm.h>
31 #include <linux/io.h>
32 #include <linux/irq.h>
33 #include <linux/unaligned.h>
34 #include <linux/platform_device.h>
35 #include <linux/usb/composite.h>
36 
37 #include "bdc.h"
38 #include "bdc_ep.h"
39 #include "bdc_cmd.h"
40 #include "bdc_dbg.h"
41 
/*
 * Printable names of the ep0 control-transfer states, used only in log
 * messages. The table is indexed directly with bdc->ep0_state, so the order
 * of the entries must match the numbering of that state (declared outside
 * this file), and an out-of-range state value would read past the table.
 */
static const char * const ep0_state_string[] = {
	"WAIT_FOR_SETUP",
	"WAIT_FOR_DATA_START",
	"WAIT_FOR_DATA_XMIT",
	"WAIT_FOR_STATUS_START",
	"WAIT_FOR_STATUS_XMIT",
	"STATUS_PENDING",
};
50 
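/*
 * Free the buffer-descriptor list (bdl) of an endpoint, used on ep disable
 * and on the allocation error path.
 *
 * @ep:       endpoint whose ep->bd_list is released
 * @num_tabs: number of slots of bd_table_array to walk
 *
 * For each populated slot the BD memory is returned to bdc->bd_table_pool and
 * the bd_table bookkeeping struct is kfree'd; the pointer array is freed last.
 * The array pointer (and each slot) is cleared afterwards so that the
 * "already freed" guard below really does catch a second call instead of
 * freeing the same memory twice.
 */
static void ep_bd_list_free(struct bdc_ep *ep, u32 num_tabs)
{
	struct bd_list *bd_list = &ep->bd_list;
	struct bdc *bdc = ep->bdc;
	struct bd_table *bd_table;
	int index;

	dev_dbg(bdc->dev, "%s ep:%s num_tabs:%d\n",
		__func__, ep->name, num_tabs);

	if (!bd_list->bd_table_array) {
		dev_dbg(bdc->dev, "%s already freed\n", ep->name);
		return;
	}

	for (index = 0; index < num_tabs; index++) {
		bd_table = bd_list->bd_table_array[index];
		dev_dbg(bdc->dev, "bd_table:%p index:%d\n", bd_table, index);

		/* slot never populated (partial allocation) */
		if (!bd_table) {
			dev_dbg(bdc->dev, "bd_table not allocated\n");
			continue;
		}

		if (bd_table->start_bd) {
			dev_dbg(bdc->dev,
				"Free dma pool start_bd:%p dma:%llx\n",
				bd_table->start_bd,
				(unsigned long long)bd_table->dma);

			dma_pool_free(bdc->bd_table_pool,
				      bd_table->start_bd,
				      bd_table->dma);
		} else {
			dev_dbg(bdc->dev, "bd dma pool not allocated\n");
		}

		/*
		 * Free the bd_table structure even when it carries no BD
		 * memory, so a half-initialised table is not leaked.
		 */
		kfree(bd_table);
		bd_list->bd_table_array[index] = NULL;
	}

	/* Free the bd table array and drop the now stale pointer */
	kfree(bd_list->bd_table_array);
	bd_list->bd_table_array = NULL;
}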
97 
/*
 * Chain two BD tables: the last BD of prev_table (index bd_p_tab - 1) is
 * turned into a chain BD that carries the DMA address of next_table.
 *
 * bd_p_tab must be at least 1; the index is computed as bd_p_tab - 1 without
 * a check.
 */
static inline void chain_table(struct bd_table *prev_table,
			       struct bd_table *next_table,
			       u32 bd_p_tab)
{
	struct bdc_bd *chain_bd = &prev_table->start_bd[bd_p_tab - 1];

	/* dword0/1: 64-bit DMA address of the next table, little endian */
	chain_bd->offset[0] = cpu_to_le32(lower_32_bits(next_table->dma));
	chain_bd->offset[1] = cpu_to_le32(upper_32_bits(next_table->dma));
	chain_bd->offset[2] = 0x0;
	/* dword3: tag the descriptor as a chain BD */
	chain_bd->offset[3] = cpu_to_le32(MARK_CHAIN_BD);
}
119 
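/*
 * Allocate the buffer-descriptor list (bdl) for an endpoint, during config ep.
 *
 * @ep: endpoint to set up; ep->desc selects the table count
 *      (NUM_TABLES_ISOCH for isochronous endpoints, NUM_TABLES otherwise).
 *
 * Every table is taken from bdc->bd_table_pool and chained to its
 * predecessor; the last table is chained back to the first, so a list with a
 * single table chains to itself. All allocations use GFP_ATOMIC.
 *
 * Returns 0 on success or -ENOMEM. On failure everything allocated so far is
 * released and ep->bd_list.bd_table_array is reset to NULL, so that a later
 * ep_bd_list_free() on this endpoint cannot free the array a second time.
 */
static int ep_bd_list_alloc(struct bdc_ep *ep)
{
	struct bd_list *bd_list = &ep->bd_list;
	struct bd_table *prev_table = NULL;
	struct bdc *bdc = ep->bdc;
	struct bd_table *bd_table;
	int index, num_tabs, bd_p_tab;
	dma_addr_t dma;

	num_tabs = usb_endpoint_xfer_isoc(ep->desc) ? NUM_TABLES_ISOCH
						    : NUM_TABLES;
	bd_p_tab = NUM_BDS_PER_TABLE;

	dev_dbg(bdc->dev,
		"%s ep:%p num_tabs:%d\n",
		__func__, ep, num_tabs);

	/* Zeroed pointer array: unused slots stay NULL for the error path */
	bd_list->bd_table_array = kzalloc_objs(struct bd_table *, num_tabs,
					       GFP_ATOMIC);
	if (!bd_list->bd_table_array)
		return -ENOMEM;

	for (index = 0; index < num_tabs; index++) {
		/* bookkeeping struct for this table */
		bd_table = kzalloc_obj(*bd_table, GFP_ATOMIC);
		if (!bd_table)
			goto fail;

		/* the BDs themselves, from the DMA pool */
		bd_table->start_bd = dma_pool_zalloc(bdc->bd_table_pool,
						     GFP_ATOMIC,
						     &dma);
		if (!bd_table->start_bd) {
			/* not yet stored in the array, so free it here */
			kfree(bd_table);
			goto fail;
		}
		bd_table->dma = dma;

		dev_dbg(bdc->dev,
			"index:%d start_bd:%p dma=%08llx prev_table:%p\n",
			index, bd_table->start_bd,
			(unsigned long long)bd_table->dma, prev_table);

		bd_list->bd_table_array[index] = bd_table;
		if (prev_table)
			chain_table(prev_table, bd_table, bd_p_tab);

		prev_table = bd_table;
	}

	/* close the ring; with only 1 table this chains the table to itself */
	chain_table(prev_table, bd_list->bd_table_array[0], bd_p_tab);

	/* Memory allocation is successful, now init the internal fields */
	bd_list->num_tabs = num_tabs;
	bd_list->max_bdi = (num_tabs * bd_p_tab) - 1;
	bd_list->num_bds_table = bd_p_tab;
	bd_list->eqp_bdi = 0;
	bd_list->hwd_bdi = 0;

	return 0;

fail:
	/* Free the bd_table_array, bd_table struct, bd's */
	ep_bd_list_free(ep, num_tabs);
	/* never leave a pointer to the freed array behind */
	bd_list->bd_table_array = NULL;

	return -ENOMEM;
}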
190 
/*
 * Number of BDs needed to carry req->usb_req.length bytes: one BD per full
 * BD_MAX_BUFF_SIZE chunk plus one for a trailing partial chunk. A zero-length
 * transfer still takes one BD.
 */
static inline int bd_needed_req(struct bdc_req *req)
{
	int full_bds, partial_bd;

	if (!req->usb_req.length)
		return 1;

	full_bds = req->usb_req.length / BD_MAX_BUFF_SIZE;
	partial_bd = (req->usb_req.length % BD_MAX_BUFF_SIZE) ? 1 : 0;

	return full_bds + partial_bd;
}
212 
/*
 * Translate a BD DMA address into the global BD index (bdi) of this endpoint.
 *
 * Each table of the list is checked for whether bd_dma_addr lies between the
 * DMA address of its first and its last BD. The callers visible in this file
 * pass addresses read from controller registers or status reports, so this
 * range check is what keeps an unexpected address from becoming an index.
 * Only the range is checked: an address inside a table but not aligned to a
 * BD boundary is rounded down by the division.
 *
 * Returns the global bdi (comparable with ep eqp_bdi), or -EINVAL when the
 * address belongs to none of the tables.
 */
static int bd_add_to_bdi(struct bdc_ep *ep, dma_addr_t bd_dma_addr)
{
	struct bd_list *bd_list = &ep->bd_list;
	struct bdc *bdc = ep->bdc;
	dma_addr_t first, last;
	int tbi, bdi;

	dev_dbg(bdc->dev, "%s  %llx\n",
		__func__, (unsigned long long)bd_dma_addr);

	for (tbi = 0; tbi < bd_list->num_tabs; tbi++) {
		struct bd_table *bd_table = bd_list->bd_table_array[tbi];

		first = bd_table->dma;
		last = bd_table->dma +
			(sizeof(struct bdc_bd) *
			 (bd_list->num_bds_table - 1));
		dev_dbg(bdc->dev, "dma_first_bd:%llx dma_last_bd:%llx\n",
			(unsigned long long)first,
			(unsigned long long)last);

		if (bd_dma_addr < first || bd_dma_addr > last)
			continue;

		/* table found: index inside it, then the global index */
		bdi = (bd_dma_addr - first) / sizeof(struct bdc_bd);

		return (bdi + (tbi * bd_list->num_bds_table));
	}

	dev_err(bdc->dev, "%s FATAL err, bd not found\n", __func__);

	return -EINVAL;
}
255 
/*
 * Table index (tbi) that holds the given global BD index: bdi divided by the
 * number of BDs per table. bdi is not range checked here.
 */
static int bdi_to_tbi(struct bdc_ep *ep, int bdi)
{
	int tbi = bdi / ep->bd_list.num_bds_table;

	dev_vdbg(ep->bdc->dev,
		 "bdi:%d num_bds_table:%d tbi:%d\n",
		 bdi, ep->bd_list.num_bds_table, tbi);

	return tbi;
}
268 
/*
 * Index of the last BD of a transfer, derived from the index the hardware
 * dequeue pointer takes once the transfer is done (next_hwd_bdi).
 *
 * NOTE(review): the chain-BD test here uses a modulus of num_bds_table - 1,
 * while ep_bdlist_eqp_adv() detects the chain slot with
 * (eqp_bdi + 1) % num_bds_table, and the wrap case yields max_bdi - 1.
 * Confirm these agree for every table size; a num_bds_table of 1 would also
 * divide by zero here.
 */
static inline int find_end_bdi(struct bdc_ep *ep, int next_hwd_bdi)
{
	int end_bdi = next_hwd_bdi - 1;

	/* the transfer ended right at the wrap of the ring */
	if (end_bdi < 0)
		return ep->bd_list.max_bdi - 1;

	if ((end_bdi % (ep->bd_list.num_bds_table - 1)) == 0)
		end_bdi--;

	return end_bdi;
}
282 
/*
 * Number of transfer BDs still free on the bdl of this endpoint. Chain BDs
 * are not counted, and one further BD is always held back so that a full
 * ring can be told apart from an empty one.
 *
 * NOTE(review): when hwd_bdi is ahead of eqp_bdi by at most num_bds_table and
 * both lie in the same table, the count stays 0 and the final decrement
 * returns -1, i.e. "nothing available". That only makes the caller fail with
 * -ENOMEM, but it looks unintended; confirm.
 */
static int bd_available_ep(struct bdc_ep *ep)
{
	struct bd_list *bd_list = &ep->bd_list;
	struct bdc *bdc = ep->bdc;
	int span_a = 0, span_b = 0;
	int chains_a = 0, chains_b = 0;
	int free_bds = 0;

	/* empty ring: every BD is available except the chain BDs */
	if (bd_list->eqp_bdi == bd_list->hwd_bdi)
		return bd_list->max_bdi - bd_list->num_tabs;

	if (bd_list->hwd_bdi < bd_list->eqp_bdi) {
		/* free region wraps: eqp..max_bdi plus 0..hwd, minus chain bds */
		span_a = bd_list->max_bdi - bd_list->eqp_bdi;
		span_b = bd_list->hwd_bdi;
		chains_a = span_a / bd_list->num_bds_table;
		chains_b = span_b / bd_list->num_bds_table;
		dev_vdbg(bdc->dev, "chain_bd1:%d chain_bd2:%d\n",
			 chains_a, chains_b);
		free_bds = span_a + span_b - chains_a - chains_b;
	} else {
		/* free region is contiguous: eqp..hwd, minus chain bds */
		span_a = bd_list->hwd_bdi - bd_list->eqp_bdi;
		if ((bd_list->hwd_bdi - bd_list->eqp_bdi)
					<= bd_list->num_bds_table) {
			/* at most one chain bd can sit in a gap this small */
			if (bdi_to_tbi(ep, bd_list->hwd_bdi)
					!= bdi_to_tbi(ep, bd_list->eqp_bdi))
				free_bds = span_a - 1;
		} else {
			chains_a = span_a / bd_list->num_bds_table;
			free_bds = span_a - chains_a;
		}
	}

	/* keep one bd in reserve to distinguish ring full from ring empty */
	free_bds--;
	dev_vdbg(bdc->dev, "available_bd:%d\n", free_bds);

	return free_bds;
}
338 
/*
 * Tell the hardware that BDs were queued on endpoint epnum by writing the
 * endpoint number to the BDC_XSFNTF register.
 *
 * epnum indexes bdc->bdc_ep_array without a range check, so callers have to
 * pass a valid endpoint number.
 */
void bdc_notify_xfr(struct bdc *bdc, u32 epnum)
{
	struct bdc_ep *ep = bdc->bdc_ep_array[epnum];

	dev_vdbg(bdc->dev, "%s epnum:%d\n", __func__, epnum);

	/*
	 * Only the software flag tells us whether the ep is running, so drop
	 * a stale STOP marker before the doorbell write.
	 */
	if (unlikely(ep->flags & BDC_EP_STOP))
		ep->flags &= ~BDC_EP_STOP;

	bdc_writel(bdc->regs, BDC_XSFNTF, epnum);
}
354 
/*
 * Map a global BD index to the BD it names: pick the table with
 * bdi_to_tbi(), then offset into that table's start_bd array.
 *
 * Neither bdi nor the resulting table index is range checked; a negative or
 * too large bdi yields a pointer outside the BD tables.
 */
static struct bdc_bd *bdi_to_bd(struct bdc_ep *ep, int bdi)
{
	struct bd_list *bd_list = &ep->bd_list;
	int tbi = bdi_to_tbi(ep, bdi);
	int local_bdi = bdi - (tbi * bd_list->num_bds_table);

	dev_vdbg(ep->bdc->dev,
		 "%s bdi:%d local_bdi:%d\n",
		 __func__, bdi, local_bdi);

	return (bd_list->bd_table_array[tbi]->start_bd + local_bdi);
}
368 
/*
 * Advance the enqueue pointer by one transfer BD: step over the chain BD in
 * the last slot of a table, and wrap to 0 after the end of the ring.
 */
static void ep_bdlist_eqp_adv(struct bdc_ep *ep)
{
	struct bd_list *bd_list = &ep->bd_list;

	bd_list->eqp_bdi++;

	/* landed on the last slot of a table, i.e. the chain bd: skip it */
	if (((bd_list->eqp_bdi + 1) % bd_list->num_bds_table) == 0)
		bd_list->eqp_bdi++;

	/* one past the last bd means back to the start */
	if (bd_list->eqp_bdi == (bd_list->max_bdi + 1))
		bd_list->eqp_bdi = 0;
}
381 
/*
 * Fill the ep0-specific bits of dword3 for the first BD of a control
 * transfer, depending on the current ep0 state (data stage or status stage).
 * Also resets req->ep->dir to 0 and may set bdc->zlp_needed.
 *
 * The fields of bdc->setup_pkt were sent by the USB host and are therefore
 * not trusted values.
 *
 * NOTE(review): the ZLP test compares wValue with the request length; for a
 * "host asked for more than we send" check wLength would be the expected
 * field. Confirm which one is intended.
 * NOTE(review): the modulo assumes bdc->gadget.ep0->maxpacket is non-zero.
 *
 * Returns 0, or -EINVAL when ep0 is in a state in which no BD may be queued.
 */
static int setup_first_bd_ep0(struct bdc *bdc, struct bdc_req *req, u32 *dword3)
{
	const struct usb_ctrlrequest *setup = &bdc->setup_pkt;
	u32 req_len = req->usb_req.length;
	u16 wValue;

	req->ep->dir = 0;

	switch (bdc->ep0_state) {
	case WAIT_FOR_DATA_START:
		*dword3 |= BD_TYPE_DS;
		if (setup->bRequestType & USB_DIR_IN)
			*dword3 |= BD_DIR_IN;

		/* check if zlp will be needed */
		wValue = le16_to_cpu(setup->wValue);
		if (wValue > req_len &&
		    (req_len % bdc->gadget.ep0->maxpacket) == 0) {
			dev_dbg(bdc->dev, "ZLP needed wVal:%d len:%d MaxP:%d\n",
				wValue, req_len,
				bdc->gadget.ep0->maxpacket);
			bdc->zlp_needed = true;
		}
		return 0;

	case WAIT_FOR_STATUS_START:
		*dword3 |= BD_TYPE_SS;
		/* IN status stage for no-data and for OUT data transfers */
		if (!le16_to_cpu(setup->wLength) ||
		    !(setup->bRequestType & USB_DIR_IN))
			*dword3 |= BD_DIR_IN;
		return 0;

	default:
		dev_err(bdc->dev,
			"Unknown ep0 state for queueing bd ep0_state:%s\n",
			ep0_state_string[bdc->ep0_state]);
		return -EINVAL;
	}
}
422 
/*
 * Write the BDs that describe one request into the endpoint's bdl.
 *
 * @bdc:     controller
 * @req:     request to describe; its buffer must already be DMA mapped
 *           (req->usb_req.dma is used as the buffer address)
 * @num_bds: number of BDs to write
 *
 * Each BD covers up to BD_MAX_BUFF_SIZE bytes. The BD following the ones
 * written is marked with BD_SBF (stop BD fetch); the same mark is put on the
 * first BD while the list is being built and is cleared at the very end, so
 * the hardware does not run into a half-written transfer. A wmb() orders all
 * descriptor writes before the caller notifies the hardware.
 *
 * NOTE(review): tfs is computed by dividing by usb_endpoint_maxp(ep->desc);
 * a descriptor with wMaxPacketSize 0 would divide by zero here.
 * NOTE(review): bdi_to_bd() returns table base + offset, so the !bd test in
 * the loop does not catch an out-of-range index.
 *
 * Returns 0 on success or a negative errno.
 */
static int setup_bd_list_xfr(struct bdc *bdc, struct bdc_req *req, int num_bds)
{
	struct bdc_ep *ep = req->ep;
	struct bd_list *bd_list = &ep->bd_list;
	struct bd_transfer *bd_xfr = &req->bd_xfr;
	dma_addr_t buf_add = req->usb_req.dma;
	u32 maxp, tfs, dword2, dword3;
	struct bdc_bd *bd;
	int ret, bdnum;
	u32 req_len;

	bd_xfr->req = req;
	bd_xfr->start_bdi = bd_list->eqp_bdi;
	bd = bdi_to_bd(ep, bd_list->eqp_bdi);
	req_len = req->usb_req.length;
	maxp = usb_endpoint_maxp(ep->desc);
	/* transfer size expressed in max-packet units, rounded up */
	tfs = roundup(req->usb_req.length, maxp);
	tfs = tfs / maxp;
	dev_vdbg(bdc->dev, "%s ep:%s num_bds:%d tfs:%d r_len:%d bd:%p\n",
		 __func__, ep->name, num_bds, tfs, req_len, bd);

	for (bdnum = 0; bdnum < num_bds; bdnum++) {
		dword2 = 0;
		dword3 = 0;

		if (bdnum == 0) {
			/* first bd: start of transfer, held back with SBF */
			dword3 |= BD_SOT | BD_SBF | (tfs << BD_TFS_SHIFT);
			dword2 |= BD_LTF;
			/* format of first bd for ep0 is different than other */
			if (ep->ep_num == 1) {
				ret = setup_first_bd_ep0(bdc, req, &dword3);
				if (ret)
					return ret;
			}
		}
		if (!req->ep->dir)
			dword3 |= BD_ISP;

		if (req_len > BD_MAX_BUFF_SIZE) {
			dword2 |= BD_MAX_BUFF_SIZE;
			req_len -= BD_MAX_BUFF_SIZE;
		} else {
			/* this should be the last bd */
			dword2 |= req_len;
			dword3 |= BD_IOC;
			dword3 |= BD_EOT;
		}
		/* Currently only 1 INT target is supported */
		dword2 |= BD_INTR_TARGET(0);

		bd = bdi_to_bd(ep, ep->bd_list.eqp_bdi);
		if (unlikely(!bd)) {
			dev_err(bdc->dev, "Err bd pointing to wrong addr\n");
			return -EINVAL;
		}

		/* write bd */
		bd->offset[0] = cpu_to_le32(lower_32_bits(buf_add));
		bd->offset[1] = cpu_to_le32(upper_32_bits(buf_add));
		bd->offset[2] = cpu_to_le32(dword2);
		bd->offset[3] = cpu_to_le32(dword3);

		/* advance eqp pointer */
		ep_bdlist_eqp_adv(ep);
		/* advance the buff pointer */
		buf_add += BD_MAX_BUFF_SIZE;
		dev_vdbg(bdc->dev, "buf_add:%08llx req_len:%d bd:%p eqp:%d\n",
			 (unsigned long long)buf_add, req_len, bd,
			 ep->bd_list.eqp_bdi);

		/* park the hardware on the bd after the one just written */
		bd = bdi_to_bd(ep, ep->bd_list.eqp_bdi);
		bd->offset[3] = cpu_to_le32(BD_SBF);
	}

	/* clear the STOP BD fetch bit from the first bd of this xfr */
	bd = bdi_to_bd(ep, bd_xfr->start_bdi);
	bd->offset[3] &= cpu_to_le32(~BD_SBF);

	/* the new eqp will be next hw dqp */
	bd_xfr->num_bds = num_bds;
	bd_xfr->next_hwd_bdi = ep->bd_list.eqp_bdi;

	/* everything is written correctly before notifying the HW */
	wmb();

	return 0;
}
506 
/*
 * Queue one request on its endpoint: check that enough BDs are free, write
 * the BDs, add the request to the ep queue and notify the hardware.
 *
 * Returns 0 on success, -ENOMEM when the ring has too few free BDs, or the
 * error from setup_bd_list_xfr(). Nothing is queued on failure.
 */
static int bdc_queue_xfr(struct bdc *bdc, struct bdc_req *req)
{
	struct bdc_ep *ep = req->ep;
	int needed, avail;
	int ret;

	dev_dbg(bdc->dev, "%s req:%p\n", __func__, req);
	dev_dbg(bdc->dev, "eqp_bdi:%d hwd_bdi:%d\n",
		ep->bd_list.eqp_bdi, ep->bd_list.hwd_bdi);

	needed = bd_needed_req(req);
	avail = bd_available_ep(ep);

	/* refuse the request if the ring cannot hold it */
	if (needed > avail)
		return -ENOMEM;

	ret = setup_bd_list_xfr(bdc, req, needed);
	if (ret)
		return ret;

	list_add_tail(&req->queue, &ep->queue);
	bdc_dbg_bd_list(bdc, ep);
	bdc_notify_xfr(bdc, ep->ep_num);

	return 0;
}
535 
/*
 * Complete a request towards the gadget layer: take it off the ep queue,
 * record the status, undo the DMA mapping and, when the request has a
 * completion callback, give it back.
 *
 * bdc->lock is released around the giveback and re-acquired afterwards, so
 * the caller presumably holds it on entry (confirm against callers), and the
 * ep queue may have changed by the time this function returns.
 */
static void bdc_req_complete(struct bdc_ep *ep, struct bdc_req *req,
			     int status)
{
	struct bdc *bdc = ep->bdc;

	if (!req)
		return;

	dev_dbg(bdc->dev, "%s ep:%s status:%d\n", __func__, ep->name, status);

	list_del(&req->queue);
	req->usb_req.status = status;
	usb_gadget_unmap_request(&bdc->gadget, &req->usb_req, ep->dir);

	if (!req->usb_req.complete)
		return;

	spin_unlock(&bdc->lock);
	usb_gadget_giveback_request(&ep->usb_ep, &req->usb_req);
	spin_lock(&bdc->lock);
}
555 
/*
 * Disable an endpoint: stop it, complete every pending request with
 * -ESHUTDOWN, deconfigure it and, except for ep0 (ep_num 1), free its bdl
 * and clear the descriptor pointers.
 *
 * Returns 0 for ep0, otherwise the result of bdc_dconfig_ep(). The memory is
 * freed even when the deconfigure command failed.
 */
int bdc_ep_disable(struct bdc_ep *ep)
{
	struct bdc *bdc = ep->bdc;
	struct bdc_req *req;
	int ret = 0;

	dev_dbg(bdc->dev, "%s() ep->ep_num=%d\n", __func__, ep->ep_num);

	/*
	 * Stop the endpoint. The result is intentionally not checked: stop
	 * can fail in disconnect scenarios and dconfig has to go ahead anyway.
	 */
	ret = bdc_stop_ep(bdc, ep->ep_num);

	/* de-queue any pending requests */
	while (!list_empty(&ep->queue)) {
		req = list_first_entry(&ep->queue, struct bdc_req, queue);
		bdc_req_complete(ep, req, -ESHUTDOWN);
	}

	/* deconfigure the endpoint */
	ret = bdc_dconfig_ep(bdc, ep);
	if (ret)
		dev_warn(bdc->dev,
			 "dconfig fail but continue with memory free");

	ep->flags = 0;

	/* ep0 memory is not freed, but reused on next connect sr */
	if (ep->ep_num == 1)
		return 0;

	/* Free the bdl memory */
	ep_bd_list_free(ep, ep->bd_list.num_tabs);
	ep->desc = NULL;
	ep->comp_desc = NULL;
	ep->usb_ep.desc = NULL;
	ep->ep_type = 0;

	return ret;
}
599 
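/*
 * Enable an endpoint: allocate its bdl and, for every endpoint except ep0
 * (ep_num 1), issue the configure-endpoint command and publish the
 * descriptor data in ep->usb_ep.
 *
 * Returns 0 on success, -ENOMEM when the bdl cannot be allocated, or the
 * error from bdc_config_ep(). When the configure command fails the freshly
 * allocated bdl is released again: BDC_EP_ENABLED is not set on that path, so
 * bdc_free_ep() would never free it. This follows bdc_ep_disable(), which
 * also frees the bdl when the deconfigure command failed.
 */
int bdc_ep_enable(struct bdc_ep *ep)
{
	struct bdc *bdc = ep->bdc;
	int ret;

	dev_dbg(bdc->dev, "%s NUM_TABLES:%d %d\n",
		__func__, NUM_TABLES, NUM_TABLES_ISOCH);

	ret = ep_bd_list_alloc(ep);
	if (ret) {
		dev_err(bdc->dev, "ep bd list allocation failed:%d\n", ret);
		return -ENOMEM;
	}
	bdc_dbg_bd_list(bdc, ep);

	/* only for ep0: config ep is called for ep0 from connect event */
	if (ep->ep_num == 1)
		return ret;

	/* Issue a configure endpoint command */
	ret = bdc_config_ep(bdc, ep);
	if (ret) {
		/* undo the allocation and leave no stale array pointer */
		ep_bd_list_free(ep, ep->bd_list.num_tabs);
		ep->bd_list.bd_table_array = NULL;
		return ret;
	}

	ep->usb_ep.maxpacket = usb_endpoint_maxp(ep->desc);
	ep->usb_ep.desc = ep->desc;
	ep->usb_ep.comp_desc = ep->comp_desc;
	ep->ep_type = usb_endpoint_type(ep->desc);
	ep->flags |= BDC_EP_ENABLED;

	return 0;
}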
633 
634 /* EP0 related code */
635 
/*
 * Queue a zero-length status stage BD on ep0 (bdc_ep_array[1]) using the
 * controller's built-in status request, which has no completion callback.
 *
 * NOTE(review): the result of bdc_queue_xfr() is dropped and 0 is always
 * returned, so a full ring or a wrong ep0 state goes unreported here.
 */
static int ep0_queue_status_stage(struct bdc *bdc)
{
	struct bdc_req *status_req = &bdc->status_req;
	struct usb_request *usb_req = &status_req->usb_req;

	status_req->ep = bdc->bdc_ep_array[1];
	usb_req->length = 0;
	usb_req->status = -EINPROGRESS;
	usb_req->actual = 0;
	usb_req->complete = NULL;
	bdc_queue_xfr(bdc, status_req);

	return 0;
}
653 
/*
 * Queue a request on ep0.
 *
 * A delayed status stage is queued right away when ep0 is waiting for it.
 * Without a delayed status, a zero-length request is accepted and dropped,
 * because the status stage is queued independently. Everything else is DMA
 * mapped and queued as a normal transfer.
 *
 * NOTE(review): when bdc_queue_xfr() fails, the mapping created by
 * usb_gadget_map_request() is not undone on this path.
 *
 * Returns 0 on success or a negative errno.
 */
static int ep0_queue(struct bdc_ep *ep, struct bdc_req *req)
{
	struct bdc *bdc = ep->bdc;
	int ret;

	dev_dbg(bdc->dev, "%s()\n", __func__);
	req->usb_req.actual = 0;
	req->usb_req.status = -EINPROGRESS;
	req->epnum = ep->ep_num;

	if (!bdc->delayed_status) {
		/*
		 * Zero-length transfer without delayed status, i.e. the
		 * status stage of some setup request: nothing to do here.
		 */
		if (req->usb_req.length == 0)
			return 0;
	} else {
		bdc->delayed_status = false;
		/* if status stage was delayed? */
		if (bdc->ep0_state == WAIT_FOR_STATUS_START) {
			/* Queue a status stage BD */
			ep0_queue_status_stage(bdc);
			bdc->ep0_state = WAIT_FOR_STATUS_XMIT;
			return 0;
		}
	}

	ret = usb_gadget_map_request(&bdc->gadget, &req->usb_req, ep->dir);
	if (ret) {
		dev_err(bdc->dev, "dma mapping failed %s\n", ep->name);
		return ret;
	}

	return bdc_queue_xfr(bdc, req);
}
693 
/*
 * Queue the ep0 data stage using the controller's built-in ep0 request,
 * with no completion callback. Returns the result of ep0_queue().
 */
static int ep0_queue_data_stage(struct bdc *bdc)
{
	struct bdc_ep *ep0 = bdc->bdc_ep_array[1];

	dev_dbg(bdc->dev, "%s\n", __func__);
	bdc->ep0_req.ep = ep0;
	bdc->ep0_req.usb_req.complete = NULL;

	return ep0_queue(ep0, &bdc->ep0_req);
}
706 
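/*
 * Queue a request on a non-control endpoint: reset its bookkeeping, DMA map
 * the buffer and hand it to bdc_queue_xfr().
 *
 * Returns 0 on success, -EINVAL for a NULL request or an endpoint without a
 * descriptor, or the error from mapping or queueing. When queueing fails the
 * request never reached the ep queue, so bdc_req_complete() will not unmap
 * it; the mapping is therefore undone here instead of being leaked.
 */
static int ep_queue(struct bdc_ep *ep, struct bdc_req *req)
{
	struct bdc *bdc;
	int ret;

	if (!req || !ep->usb_ep.desc)
		return -EINVAL;

	bdc = ep->bdc;

	req->usb_req.actual = 0;
	req->usb_req.status = -EINPROGRESS;
	req->epnum = ep->ep_num;

	ret = usb_gadget_map_request(&bdc->gadget, &req->usb_req, ep->dir);
	if (ret) {
		dev_err(bdc->dev, "dma mapping failed\n");
		return ret;
	}

	ret = bdc_queue_xfr(bdc, req);
	if (ret)
		usb_gadget_unmap_request(&bdc->gadget, &req->usb_req, ep->dir);

	return ret;
}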
730 
/*
 * Dequeue a request from an endpoint.
 *
 * The endpoint is stopped, the hardware dequeue pointer is read back from
 * BDC_EPSTS0/1 and compared with the BD range of the request to decide
 * whether the request has not been started, is partly processed, or is
 * already done. A request that was not started (and is not the first one in
 * the queue) has its first BD rewritten into a chain BD that jumps over it;
 * otherwise the hardware dequeue pointer is moved past the request with
 * bdc_ep_bla().
 *
 * The dequeue pointer comes from the controller and is validated by
 * bd_add_to_bdi() before it is used as an index.
 *
 * Returns 0 on success, when the port status check fails or when stopping
 * the endpoint fails; -EINVAL when the request was already fully processed;
 * otherwise a negative errno from bd_add_to_bdi() or bdc_ep_bla().
 */
static int ep_dequeue(struct bdc_ep *ep, struct bdc_req *req)
{
	struct bd_list *bd_list = &ep->bd_list;
	struct bdc *bdc = ep->bdc;
	int start_bdi, end_bdi, tbi, eqp_bdi, curr_hw_dqpi;
	bool start_pending = false;
	bool end_pending = false;
	bool first_remove;
	struct bdc_req *first_req;
	struct bdc_bd *bd_start;
	struct bd_table *table;
	dma_addr_t next_bd_dma;
	u64 deq_ptr_64 = 0;
	u32 reg;
	int ret;

	/* last bd handed to the hardware, with wrap */
	eqp_bdi = bd_list->eqp_bdi - 1;
	if (eqp_bdi < 0)
		eqp_bdi = bd_list->max_bdi;

	start_bdi = req->bd_xfr.start_bdi;
	end_bdi = find_end_bdi(ep, req->bd_xfr.next_hwd_bdi);

	dev_dbg(bdc->dev, "%s ep:%s start:%d end:%d\n",
		__func__, ep->name, start_bdi, end_bdi);
	dev_dbg(bdc->dev, "%s ep=%p ep->desc=%p\n", __func__,
		ep, (void *)ep->usb_ep.desc);

	/* if still connected, stop the ep to see where the HW is ? */
	if (bdc_readl(bdc->regs, BDC_USPC) & BDC_PST_MASK)
		return 0;

	ret = bdc_stop_ep(bdc, ep->ep_num);
	/* if there is an issue, then no need to go further */
	if (ret)
		return 0;

	/*
	 * After endpoint is stopped, there can be 3 cases, the request
	 * is processed, pending or in the middle of processing
	 */

	/* The current hw dequeue pointer, low word first */
	reg = bdc_readl(bdc->regs, BDC_EPSTS0);
	deq_ptr_64 = reg;
	reg = bdc_readl(bdc->regs, BDC_EPSTS1);
	deq_ptr_64 |= ((u64)reg << 32);

	/* we have the dma addr of next bd that will be fetched by hardware */
	curr_hw_dqpi = bd_add_to_bdi(ep, deq_ptr_64);
	if (curr_hw_dqpi < 0)
		return curr_hw_dqpi;

	/*
	 * curr_hw_dqpi points to actual dqp of HW and HW owns bd's from
	 * curr_hw_dqpi..eqp_bdi. Check whether start_bdi and end_bdi fall
	 * into that range; a pending start implies a pending end.
	 */
	if (curr_hw_dqpi > eqp_bdi) {
		/* there is a wrap from last to 0 */
		start_pending = start_bdi >= curr_hw_dqpi ||
				start_bdi <= eqp_bdi;
		end_pending = start_pending ||
			      end_bdi >= curr_hw_dqpi ||
			      end_bdi <= eqp_bdi;
	} else {
		start_pending = start_bdi >= curr_hw_dqpi;
		end_pending = start_pending || end_bdi >= curr_hw_dqpi;
	}
	dev_dbg(bdc->dev,
		"start_pending:%d end_pending:%d speed:%d\n",
		start_pending, end_pending, bdc->gadget.speed);

	/* If everything from start till end is processed, we cannot deq req */
	if (!(start_pending || end_pending))
		return -EINVAL;

	/*
	 * if ep_dequeue is called after disconnect then just return
	 * success from here
	 */
	if (bdc->gadget.speed == USB_SPEED_UNKNOWN)
		return 0;

	/* dma address of the bd that follows this request */
	tbi = bdi_to_tbi(ep, req->bd_xfr.next_hwd_bdi);
	table = bd_list->bd_table_array[tbi];
	next_bd_dma = table->dma +
			sizeof(struct bdc_bd) * (req->bd_xfr.next_hwd_bdi -
					tbi * bd_list->num_bds_table);

	first_req = list_first_entry(&ep->queue, struct bdc_req, queue);
	first_remove = (req == first_req);

	/*
	 * Due to a HW limitation chain bd's have to be bypassed with ep_bla:
	 * if start is pending and this is the first request in the list,
	 * issue ep_bla instead of marking the start bd as chain bd.
	 */
	if (start_pending && !first_remove) {
		/*
		 * Mark the start bd as Chain bd, and point the chain
		 * bd to next_bd_dma
		 */
		bd_start = bdi_to_bd(ep, start_bdi);
		bd_start->offset[0] = cpu_to_le32(lower_32_bits(next_bd_dma));
		bd_start->offset[1] = cpu_to_le32(upper_32_bits(next_bd_dma));
		bd_start->offset[2] = 0x0;
		bd_start->offset[3] = cpu_to_le32(MARK_CHAIN_BD);
		bdc_dbg_bd_list(bdc, ep);
	} else if (end_pending) {
		/*
		 * The transfer is stopped in the middle, move the
		 * HW deq pointer to next_bd_dma
		 */
		ret = bdc_ep_bla(bdc, ep, next_bd_dma);
		if (ret) {
			dev_err(bdc->dev, "error in ep_bla:%d\n", ret);
			return ret;
		}
	}

	return 0;
}
863 
/*
 * Set (value != 0) or clear (value == 0) the STALL condition on an endpoint
 * and keep the BDC_EP_STALL software flag in step with the outcome. Halting
 * ep0 (ep_num 1) also puts the ep0 state machine back to WAIT_FOR_SETUP.
 *
 * Returns the result of the stall / clear-stall command.
 */
static int ep_set_halt(struct bdc_ep *ep, u32 value)
{
	struct bdc *bdc = ep->bdc;
	int ret;

	dev_dbg(bdc->dev, "%s ep:%s value=%d\n", __func__, ep->name, value);

	if (!value) {
		/* Clear */
		dev_dbg(bdc->dev, "Before Clear\n");
		ret = bdc_ep_clear_stall(bdc, ep->ep_num);
		if (ret)
			dev_err(bdc->dev, "failed to clear STALL on %s\n",
				ep->name);
		else
			ep->flags &= ~BDC_EP_STALL;
		dev_dbg(bdc->dev, "After  Clear\n");

		return ret;
	}

	dev_dbg(bdc->dev, "Halt\n");
	if (ep->ep_num == 1)
		bdc->ep0_state = WAIT_FOR_SETUP;

	ret = bdc_ep_set_stall(bdc, ep->ep_num);
	if (ret)
		dev_err(bdc->dev, "failed to set STALL on %s\n",
			ep->name);
	else
		ep->flags |= BDC_EP_STALL;

	return ret;
}
898 
/*
 * Free every endpoint structure of the controller, starting at index 1
 * (ep0). The bdl of an endpoint is freed only while BDC_EP_ENABLED is set.
 * All endpoints except ep0 are also unlinked from the gadget ep list.
 */
void bdc_free_ep(struct bdc *bdc)
{
	u8 epnum;

	dev_dbg(bdc->dev, "%s\n", __func__);

	for (epnum = 1; epnum < bdc->num_eps; epnum++) {
		struct bdc_ep *ep = bdc->bdc_ep_array[epnum];

		if (!ep)
			continue;

		if (ep->flags & BDC_EP_ENABLED)
			ep_bd_list_free(ep, ep->bd_list.num_tabs);

		/* ep0 is not in this gadget list */
		if (epnum != 1)
			list_del(&ep->usb_ep.ep_list);

		kfree(ep);
	}
}
921 
/*
 * Program the USB2 test mode selected in bdc->test_mode (USB2 spec, section
 * 7.1.20) into the BDC_USPPM2 register. Only the five test selectors listed
 * below are accepted, which keeps any other value out of the register.
 *
 * Returns 0 on success, -EINVAL for any other selector (the register is then
 * left untouched).
 */
static int bdc_set_test_mode(struct bdc *bdc)
{
	u32 usb2_pm = bdc_readl(bdc->regs, BDC_USPPM2);

	/* clear the previous test selector before inserting the new one */
	usb2_pm &= ~BDC_PTC_MASK;
	dev_dbg(bdc->dev, "%s\n", __func__);

	switch (bdc->test_mode) {
	case USB_TEST_J:
	case USB_TEST_K:
	case USB_TEST_SE0_NAK:
	case USB_TEST_PACKET:
	case USB_TEST_FORCE_ENABLE:
		/* the selector is placed at bit 28 and above */
		usb2_pm |= bdc->test_mode << 28;
		break;
	default:
		return -EINVAL;
	}

	dev_dbg(bdc->dev, "usb2_pm=%08x", usb2_pm);
	bdc_writel(bdc->regs, BDC_USPPM2, usb2_pm);

	return 0;
}
946 
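/*
 * Bytes actually transferred by a multi-BD request that ended short.
 *
 * @short_bdi is the (already validated, non-negative) index of the BD on
 * which the transfer stopped. The result is the number of full-size BDs
 * between the start of the transfer and that BD, plus what was moved on the
 * short BD itself. Sets ep->ignore_next_sr when the short BD is not the last
 * BD of the transfer.
 */
static int xsr_short_actual_len(struct bdc_ep *ep, struct bd_transfer *bd_xfr,
				struct bdc_sr *sreport, int short_bdi)
{
	struct bd_list *bd_list = &ep->bd_list;
	int start_bdi = bd_xfr->start_bdi;
	int max_len_bds, chain_bds, end_bdi;
	int actual_length, length_short;
	struct bdc_bd *short_bd;

	/* how many xfr bds lie between start_bdi and short_bdi */
	if (start_bdi <= short_bdi) {
		max_len_bds = short_bdi - start_bdi;
		if (max_len_bds <= bd_list->num_bds_table) {
			if (!(bdi_to_tbi(ep, start_bdi) ==
					bdi_to_tbi(ep, short_bdi)))
				max_len_bds--;
		} else {
			chain_bds = max_len_bds / bd_list->num_bds_table;
			max_len_bds -= chain_bds;
		}
	} else {
		/* there is a wrap in the ring within a xfr */
		chain_bds = (bd_list->max_bdi - start_bdi) /
						bd_list->num_bds_table;
		chain_bds += short_bdi / bd_list->num_bds_table;
		max_len_bds = bd_list->max_bdi - start_bdi;
		max_len_bds += short_bdi;
		max_len_bds -= chain_bds;
	}

	/* max_len_bds is the number of full length bds */
	end_bdi = find_end_bdi(ep, bd_xfr->next_hwd_bdi);
	if (!(end_bdi == short_bdi))
		ep->ignore_next_sr = true;

	actual_length = max_len_bds * BD_MAX_BUFF_SIZE;
	short_bd = bdi_to_bd(ep, short_bdi);
	/* length queued */
	length_short = le32_to_cpu(short_bd->offset[2]) & 0x1FFFFF;
	/* actual length transferred */
	length_short -= SR_BD_LEN(le32_to_cpu(sreport->offset[2]));
	actual_length += length_short;

	return actual_length;
}

/*
 * Helper function to handle Transfer status report with status as either
 * success or short.
 *
 * Works out how many bytes the request at the head of the ep queue really
 * transferred, advances the software copy of the hardware dequeue pointer and
 * completes the request (-EREMOTEIO for a short transfer when the request
 * has short_not_ok set).
 *
 * The BD address in the status report comes from the controller. If it does
 * not belong to any BD table of this endpoint, the request is completed with
 * the error from bd_add_to_bdi() and an actual length of 0; the negative
 * index is never used to address a BD, which would read outside the tables.
 */
static void handle_xsr_succ_status(struct bdc *bdc, struct bdc_ep *ep,
				   struct bdc_sr *sreport)
{
	struct bd_transfer *bd_xfr;
	struct bdc_req *req;
	u64 deq_ptr_64 = 0;
	int short_bdi;
	int status = 0;
	int sr_status;
	u32 tmp_32;

	dev_dbg(bdc->dev, "%s  ep:%p\n", __func__, ep);
	bdc_dbg_srr(bdc, 0);
	/* do not process this sr if ignore flag is set */
	if (ep->ignore_next_sr) {
		ep->ignore_next_sr = false;
		return;
	}

	if (unlikely(list_empty(&ep->queue))) {
		dev_warn(bdc->dev, "xfr srr with no BD's queued\n");
		return;
	}
	req = list_entry(ep->queue.next, struct bdc_req,
			queue);

	bd_xfr = &req->bd_xfr;
	sr_status = XSF_STS(le32_to_cpu(sreport->offset[3]));

	/*
	 * sr_status is short and this transfer has more than 1 bd then it needs
	 * special handling,  this is only applicable for bulk and ctrl
	 */
	if (sr_status == XSF_SHORT && bd_xfr->num_bds > 1) {
		/*
		 * This is multi bd xfr, lets see which bd
		 * caused short transfer and how many bytes have been
		 * transferred so far.
		 */
		tmp_32 = le32_to_cpu(sreport->offset[0]);
		deq_ptr_64 = tmp_32;
		tmp_32 = le32_to_cpu(sreport->offset[1]);
		deq_ptr_64 |= ((u64)tmp_32 << 32);
		short_bdi = bd_add_to_bdi(ep, deq_ptr_64);
		if (unlikely(short_bdi < 0)) {
			dev_warn(bdc->dev, "bd doesn't exist?\n");
			/* no BD to take the queued length from: fail the req */
			req->usb_req.actual = 0;
			status = short_bdi;
		} else {
			req->usb_req.actual =
				xsr_short_actual_len(ep, bd_xfr, sreport,
						     short_bdi);
		}
	} else {
		req->usb_req.actual = req->usb_req.length -
			SR_BD_LEN(le32_to_cpu(sreport->offset[2]));
		dev_dbg(bdc->dev,
			"len=%d actual=%d bd_xfr->next_hwd_bdi:%d\n",
			req->usb_req.length, req->usb_req.actual,
			bd_xfr->next_hwd_bdi);
	}

	/* Update the dequeue pointer */
	ep->bd_list.hwd_bdi = bd_xfr->next_hwd_bdi;
	/* an error recorded above is not replaced by the short-xfr status */
	if (!status && req->usb_req.actual < req->usb_req.length) {
		dev_dbg(bdc->dev, "short xfr on %d\n", ep->ep_num);
		if (req->usb_req.short_not_ok)
			status = -EREMOTEIO;
	}
	bdc_req_complete(ep, bd_xfr->req, status);
}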
1056 
1057 /* EP0 setup related packet handlers */
1058 
/*
 * SETUP packet received on ep0.
 *
 * The request is only copied out of the status report into bdc->setup_pkt
 * here; it is decoded later, from the data-stage-start or status-stage-start
 * handler.  Every field of the stored packet is supplied by the USB host, so
 * the handlers that consume it have to validate what they use.
 */
void bdc_xsf_ep0_setup_recv(struct bdc *bdc, struct bdc_sr *sreport)
{
	struct usb_ctrlrequest *ctrl = &bdc->setup_pkt;

	dev_dbg(bdc->dev,
		"%s ep0_state:%s\n",
		__func__, ep0_state_string[bdc->ep0_state]);

	/* The request sits at the start of the status report */
	memcpy(ctrl, &sreport->offset[0], sizeof(*ctrl));

	/* wLength == 0 means there is no data stage: expect status next */
	bdc->ep0_state = le16_to_cpu(ctrl->wLength) ?
			 WAIT_FOR_DATA_START : WAIT_FOR_STATUS_START;

	dev_dbg(bdc->dev,
		"%s exit ep0_state:%s\n",
		__func__, ep0_state_string[bdc->ep0_state]);
}
1085 
/*
 * Stall ep0: drop any pending delayed status, halt the endpoint and complete
 * every request still queued on it with -ESHUTDOWN.  The result of
 * ep_set_halt() is not checked.
 */
static void ep0_stall(struct bdc *bdc)
{
	struct bdc_ep *ep0 = bdc->bdc_ep_array[1];

	dev_dbg(bdc->dev, "%s\n", __func__);
	bdc->delayed_status = false;
	ep_set_halt(ep0, 1);

	/*
	 * Drain the queue from the head.  The loop terminates only if
	 * bdc_req_complete() unlinks the request it is handed - presumably
	 * it does; confirm against its definition.
	 */
	while (!list_empty(&ep0->queue))
		bdc_req_complete(ep0,
				 list_first_entry(&ep0->queue,
						  struct bdc_req, queue),
				 -ESHUTDOWN);
}
1103 
/*
 * SET_ADDRESS handler.
 *
 * wValue is host-supplied; anything above 127 is rejected before the device
 * state is looked at.  The request is honoured only in the DEFAULT and
 * ADDRESS states: address 0 puts the gadget in DEFAULT, any other address in
 * ADDRESS.
 *
 * Returns 0 on success, -EINVAL for a bad address or a wrong device state,
 * or the error reported by bdc_address_device().
 */
static int ep0_set_address(struct bdc *bdc, struct usb_ctrlrequest *ctrl)
{
	enum usb_device_state state = bdc->gadget.state;
	u32 addr = le16_to_cpu(ctrl->wValue);
	int ret;

	dev_dbg(bdc->dev,
		"%s addr:%d dev state:%d\n",
		__func__, addr, state);

	if (addr > 127)
		return -EINVAL;

	if (state != USB_STATE_DEFAULT && state != USB_STATE_ADDRESS) {
		dev_warn(bdc->dev,
			"SET Address in wrong device state %d\n",
			state);
		return -EINVAL;
	}

	/* Issue Address device command */
	ret = bdc_address_device(bdc, addr);
	if (ret)
		return ret;

	usb_gadget_set_state(&bdc->gadget,
			     addr ? USB_STATE_ADDRESS : USB_STATE_DEFAULT);
	bdc->dev_addr = addr;

	return 0;
}
1143 
/*
 * SET_FEATURE / CLEAR_FEATURE for the device recipient.
 *
 * wValue selects the feature and wIndex carries its argument; both come from
 * the host.  @set is true for SET_FEATURE and false for CLEAR_FEATURE.
 *
 * Returns 0 on success, -EINVAL when the feature is not valid for the
 * current speed/state/arguments, -EOPNOTSUPP for an unknown selector.
 */
static int ep0_handle_feature_dev(struct bdc *bdc, u16 wValue,
							u16 wIndex, bool set)
{
	enum usb_device_state state = bdc->gadget.state;
	/* U1, U2 and LTM are accepted only at SuperSpeed when configured */
	bool ss_configured = bdc->gadget.speed == USB_SPEED_SUPER &&
			     state == USB_STATE_CONFIGURED;
	u32 usppms;

	dev_dbg(bdc->dev, "%s set:%d dev state:%d\n",
					__func__, set, state);

	switch (wValue) {
	case USB_DEVICE_REMOTE_WAKEUP:
		dev_dbg(bdc->dev, "USB_DEVICE_REMOTE_WAKEUP\n");
		if (set)
			bdc->devstatus |= REMOTE_WAKE_ENABLE;
		else
			bdc->devstatus &= ~REMOTE_WAKE_ENABLE;
		return 0;

	case USB_DEVICE_TEST_MODE:
		dev_dbg(bdc->dev, "USB_DEVICE_TEST_MODE\n");
		/* only SET_FEATURE at high speed, with a zero low byte */
		if (!set || bdc->gadget.speed != USB_SPEED_HIGH ||
		    (wIndex & 0xFF))
			return -EINVAL;

		/*
		 * The selector in the high byte is stored as received; it is
		 * acted on later by bdc_set_test_mode(), which presumably
		 * validates it - confirm.
		 */
		bdc->test_mode = wIndex >> 8;
		return 0;

	case USB_DEVICE_U1_ENABLE:
		dev_dbg(bdc->dev, "USB_DEVICE_U1_ENABLE\n");
		if (!ss_configured)
			return -EINVAL;

		usppms = bdc_readl(bdc->regs, BDC_USPPMS);
		if (set) {
			/* replace the previous U1 timeout, then enable U1 */
			usppms &= ~BDC_U1T(BDC_U1T_MASK);
			usppms |= BDC_U1T(U1_TIMEOUT) | BDC_U1E | BDC_PORT_W1S;
			bdc->devstatus |= (1 << USB_DEV_STAT_U1_ENABLED);
		} else {
			usppms &= ~BDC_U1E;
			usppms |= BDC_PORT_W1S;
			bdc->devstatus &= ~(1 << USB_DEV_STAT_U1_ENABLED);
		}
		bdc_writel(bdc->regs, BDC_USPPMS, usppms);
		return 0;

	case USB_DEVICE_U2_ENABLE:
		dev_dbg(bdc->dev, "USB_DEVICE_U2_ENABLE\n");
		if (!ss_configured)
			return -EINVAL;

		usppms = bdc_readl(bdc->regs, BDC_USPPMS);
		if (set) {
			usppms |= BDC_U2E | BDC_U2A;
			bdc->devstatus |= (1 << USB_DEV_STAT_U2_ENABLED);
		} else {
			usppms &= ~(BDC_U2E | BDC_U2A);
			bdc->devstatus &= ~(1 << USB_DEV_STAT_U2_ENABLED);
		}
		bdc_writel(bdc->regs, BDC_USPPMS, usppms);
		return 0;

	case USB_DEVICE_LTM_ENABLE:
		dev_dbg(bdc->dev, "USB_DEVICE_LTM_ENABLE?\n");
		/* accepted without any further action when the state allows */
		return ss_configured ? 0 : -EINVAL;

	default:
		dev_err(bdc->dev, "Unknown wValue:%d\n", wValue);
		return -EOPNOTSUPP;
	}
}
1226 
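/*
 * SET_FEATURE / CLEAR_FEATURE handler.
 *
 * Dispatches on the recipient encoded in bRequestType.  wValue and wIndex
 * are taken from the host's SETUP packet and are validated per recipient.
 * @set is true for SET_FEATURE and false for CLEAR_FEATURE.
 *
 * Returns 0 on success, -EINVAL for an unsupported selector, recipient or
 * endpoint, or the result of ep0_handle_feature_dev() / ep_set_halt().
 */
static int ep0_handle_feature(struct bdc *bdc,
			      struct usb_ctrlrequest *setup_pkt, bool set)
{
	enum usb_device_state state = bdc->gadget.state;
	struct bdc_ep *ep;
	u16 wValue;
	u16 wIndex;
	int epnum;

	wValue = le16_to_cpu(setup_pkt->wValue);
	wIndex = le16_to_cpu(setup_pkt->wIndex);

	dev_dbg(bdc->dev,
		"%s wValue=%d wIndex=%d	devstate=%08x speed=%d set=%d",
		__func__, wValue, wIndex, state,
		bdc->gadget.speed, set);

	switch (setup_pkt->bRequestType & USB_RECIP_MASK) {
	case USB_RECIP_DEVICE:
		return ep0_handle_feature_dev(bdc, wValue, wIndex, set);
	case USB_RECIP_INTERFACE:
		dev_dbg(bdc->dev, "USB_RECIP_INTERFACE\n");
		/* USB3 spec, sec 9.4.9 */
		if (wValue != USB_INTRF_FUNC_SUSPEND)
			return -EINVAL;
		/* USB3 spec, Table 9-8 */
		if (set) {
			if (wIndex & USB_INTRF_FUNC_SUSPEND_RW) {
				dev_dbg(bdc->dev, "SET REMOTE_WAKEUP\n");
				bdc->devstatus |= REMOTE_WAKE_ENABLE;
			} else {
				dev_dbg(bdc->dev, "CLEAR REMOTE_WAKEUP\n");
				bdc->devstatus &= ~REMOTE_WAKE_ENABLE;
			}
		}
		break;

	case USB_RECIP_ENDPOINT:
		dev_dbg(bdc->dev, "USB_RECIP_ENDPOINT\n");
		if (wValue != USB_ENDPOINT_HALT)
			return -EINVAL;

		/*
		 * Map the endpoint address in wIndex to the driver's array
		 * index: ep0 is slot 1, endpoint n uses 2n (OUT) or 2n + 1
		 * (IN).
		 */
		epnum = wIndex & USB_ENDPOINT_NUMBER_MASK;
		if (epnum) {
			if ((wIndex & USB_ENDPOINT_DIR_MASK) == USB_DIR_IN)
				epnum = epnum * 2 + 1;
			else
				epnum *= 2;
		} else {
			epnum = 1; /*EP0*/
		}
		/*
		 * If CLEAR_FEATURE on ep0 then don't do anything as the stall
		 * condition on ep0 has already been cleared when SETUP packet
		 * was received.
		 */
		if (epnum == 1 && !set) {
			dev_dbg(bdc->dev, "ep0 stall already cleared\n");
			return 0;
		}
		dev_dbg(bdc->dev, "epnum=%d\n", epnum);
		/*
		 * wIndex is host-controlled, so the computed index can be as
		 * large as 31.  bdc_init_ep() never populates a slot at or
		 * above num_eps, and the allocated size of bdc_ep_array is
		 * not visible here, so refuse such an index instead of
		 * reading the slot.
		 */
		ep = epnum < bdc->num_eps ? bdc->bdc_ep_array[epnum] : NULL;
		if (!ep)
			return -EINVAL;

		return ep_set_halt(ep, set);
	default:
		dev_err(bdc->dev, "Unknown recipient\n");
		return -EINVAL;
	}

	return 0;
}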
1301 
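/*
 * GET_STATUS request handler.
 *
 * Builds the two-byte status word for the recipient named in bRequestType
 * and queues it as the data stage.  wIndex is taken from the host's SETUP
 * packet.
 *
 * Returns 0 once the data stage is queued, -EINVAL when the request arrives
 * in the DEFAULT state or names an unknown recipient or endpoint.
 */
static int ep0_handle_status(struct bdc *bdc,
			     struct usb_ctrlrequest *setup_pkt)
{
	enum usb_device_state state = bdc->gadget.state;
	struct bdc_ep *ep;
	u16 usb_status = 0;
	u32 epnum;
	u16 wIndex;

	/* USB2.0 spec sec 9.4.5 */
	if (state == USB_STATE_DEFAULT)
		return -EINVAL;
	wIndex = le16_to_cpu(setup_pkt->wIndex);
	dev_dbg(bdc->dev, "%s\n", __func__);
	usb_status = bdc->devstatus;
	switch (setup_pkt->bRequestType & USB_RECIP_MASK) {
	case USB_RECIP_DEVICE:
		dev_dbg(bdc->dev,
			"USB_RECIP_DEVICE devstatus:%08x\n",
			bdc->devstatus);
		/* USB3 spec, sec 9.4.5 */
		if (bdc->gadget.speed == USB_SPEED_SUPER)
			usb_status &= ~REMOTE_WAKE_ENABLE;
		break;

	case USB_RECIP_INTERFACE:
		dev_dbg(bdc->dev, "USB_RECIP_INTERFACE\n");
		if (bdc->gadget.speed == USB_SPEED_SUPER) {
			/*
			 * This should come from func for Func remote wkup
			 * usb_status |=1;
			 */
			if (bdc->devstatus & REMOTE_WAKE_ENABLE)
				usb_status |= REMOTE_WAKE_ENABLE;
		} else {
			usb_status = 0;
		}

		break;

	case USB_RECIP_ENDPOINT:
		dev_dbg(bdc->dev, "USB_RECIP_ENDPOINT\n");
		/*
		 * Map the endpoint address in wIndex to the driver's array
		 * index: ep0 is slot 1, endpoint n uses 2n (OUT) or 2n + 1
		 * (IN).
		 */
		epnum = wIndex & USB_ENDPOINT_NUMBER_MASK;
		if (epnum) {
			if ((wIndex & USB_ENDPOINT_DIR_MASK) == USB_DIR_IN)
				epnum = epnum*2 + 1;
			else
				epnum *= 2;
		} else {
			epnum = 1; /* EP0 */
		}

		/*
		 * wIndex is host-controlled, so the computed index can be as
		 * large as 31.  bdc_init_ep() never populates a slot at or
		 * above num_eps, and the allocated size of bdc_ep_array is
		 * not visible here, so refuse such an index instead of
		 * reading the slot.
		 */
		ep = epnum < bdc->num_eps ? bdc->bdc_ep_array[epnum] : NULL;
		if (!ep) {
			dev_err(bdc->dev, "ISSUE, GET_STATUS for invalid EP ?");
			return -EINVAL;
		}
		/*
		 * NOTE(review): usb_status still carries the devstatus bits
		 * at this point, so they are returned together with the halt
		 * bit - confirm that is intended for an endpoint recipient.
		 */
		if (ep->flags & BDC_EP_STALL)
			usb_status |= 1 << USB_ENDPOINT_HALT;

		break;
	default:
		dev_err(bdc->dev, "Unknown recipient for get_status\n");
		return -EINVAL;
	}
	/* prepare a data stage for GET_STATUS */
	dev_dbg(bdc->dev, "usb_status=%08x\n", usb_status);
	*(__le16 *)bdc->ep0_response_buff = cpu_to_le16(usb_status);
	bdc->ep0_req.usb_req.length = 2;
	/*
	 * Send from the buffer the status word was just stored in, spelled
	 * the same way ep0_set_sel() does (no address-of operator).
	 */
	bdc->ep0_req.usb_req.buf = bdc->ep0_response_buff;
	ep0_queue_data_stage(bdc);

	return 0;
}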
1377 
/*
 * Completion callback installed by ep0_set_sel() for the SET_SEL data stage.
 * It does nothing: the bytes received from the host are not inspected here.
 */
static void ep0_set_sel_cmpl(struct usb_ep *_ep, struct usb_request *_req)
{
}
1382 
/*
 * SET_SEL handler: queue the data stage for the 6 byte payload.
 *
 * wLength is host-supplied and has to be exactly 6; any other value is
 * rejected with -EINVAL, so the queued length is always the constant and
 * never the host's number.  The payload is directed at
 * bdc->ep0_response_buff (assumed to hold at least 6 bytes - its declaration
 * is not visible here).
 */
static int ep0_set_sel(struct bdc *bdc,
			     struct usb_ctrlrequest *setup_pkt)
{
	struct usb_request *usb_req = &bdc->ep0_req.usb_req;
	u16 wLength = le16_to_cpu(setup_pkt->wLength);

	dev_dbg(bdc->dev, "%s\n", __func__);
	if (unlikely(wLength != 6)) {
		dev_err(bdc->dev, "%s Wrong wLength:%d\n", __func__, wLength);
		return -EINVAL;
	}

	bdc->ep0_req.ep = bdc->bdc_ep_array[1];
	usb_req->length = 6;
	usb_req->buf = bdc->ep0_response_buff;
	usb_req->complete = ep0_set_sel_cmpl;
	ep0_queue_data_stage(bdc);

	return 0;
}
1405 
/*
 * Queue a zero length BD on ep0.
 *
 * Deciding whether one is needed is the caller's job; bdc_sr_xsf() calls
 * this on an ep0 babble report while bdc->zlp_needed is set.  ep0_state is
 * moved to WAIT_FOR_DATA_START before queueing and to WAIT_FOR_DATA_XMIT
 * only once bdc_queue_xfr() succeeds.
 *
 * Returns 0 on success or the error from bdc_queue_xfr().
 */
static int ep0_queue_zlp(struct bdc *bdc)
{
	struct bdc_req *zlp = &bdc->ep0_req;
	int rc;

	dev_dbg(bdc->dev, "%s\n", __func__);
	zlp->ep = bdc->bdc_ep_array[1];
	zlp->usb_req.length = 0;
	zlp->usb_req.complete = NULL;
	bdc->ep0_state = WAIT_FOR_DATA_START;

	rc = bdc_queue_xfr(bdc, zlp);
	if (!rc) {
		bdc->ep0_state = WAIT_FOR_DATA_XMIT;
		return 0;
	}

	dev_err(bdc->dev, "err queueing zlp :%d\n", rc);
	return rc;
}
1428 
/*
 * Decode the stored SETUP packet and act on it.
 *
 * SET_ADDRESS, SET/CLEAR_FEATURE, GET_STATUS, SET_SEL and SET_ISOCH_DELAY
 * are answered here.  SET_CONFIGURATION updates the gadget state and is then
 * forwarded; every other request, standard or not, is forwarded untouched to
 * the gadget driver's setup() callback.  The packet contents are
 * host-controlled.
 *
 * bdc->lock is released around the setup() call and re-taken afterwards, so
 * state guarded by the lock may have changed by the time it returns.
 *
 * Returns the result of the handler or of setup(); the callers in this file
 * stall ep0 on any non-zero value other than USB_GADGET_DELAYED_STATUS.
 */
static int handle_control_request(struct bdc *bdc)
{
	struct usb_ctrlrequest *ctrl = &bdc->setup_pkt;
	enum usb_device_state state = bdc->gadget.state;
	int ret = 0;

	dev_dbg(bdc->dev, "%s\n", __func__);

	/* class and vendor requests belong to the gadget driver */
	if ((ctrl->bRequestType & USB_TYPE_MASK) != USB_TYPE_STANDARD)
		goto delegate;

	switch (ctrl->bRequest) {
	case USB_REQ_SET_ADDRESS:
		dev_dbg(bdc->dev, "USB_REQ_SET_ADDRESS\n");
		ret = ep0_set_address(bdc, ctrl);
		/* applied whether or not the address change succeeded */
		bdc->devstatus &= DEVSTATUS_CLEAR;
		break;

	case USB_REQ_SET_CONFIGURATION:
		dev_dbg(bdc->dev, "USB_REQ_SET_CONFIGURATION\n");
		/*
		 * USB2 spec sec 9.4.7, if wValue is 0 then dev
		 * is moved to addressed state
		 *
		 * NOTE(review): in the ADDRESS state the gadget is moved to
		 * CONFIGURED without looking at wValue and before the gadget
		 * driver has accepted the request - confirm this is intended.
		 */
		if (state == USB_STATE_ADDRESS)
			usb_gadget_set_state(&bdc->gadget,
					     USB_STATE_CONFIGURED);
		else if (state == USB_STATE_CONFIGURED &&
			 !le16_to_cpu(ctrl->wValue))
			usb_gadget_set_state(&bdc->gadget,
					     USB_STATE_ADDRESS);
		goto delegate;

	case USB_REQ_SET_FEATURE:
		dev_dbg(bdc->dev, "USB_REQ_SET_FEATURE\n");
		ret = ep0_handle_feature(bdc, ctrl, true);
		break;

	case USB_REQ_CLEAR_FEATURE:
		dev_dbg(bdc->dev, "USB_REQ_CLEAR_FEATURE\n");
		ret = ep0_handle_feature(bdc, ctrl, false);
		break;

	case USB_REQ_GET_STATUS:
		dev_dbg(bdc->dev, "USB_REQ_GET_STATUS\n");
		ret = ep0_handle_status(bdc, ctrl);
		break;

	case USB_REQ_SET_SEL:
		dev_dbg(bdc->dev, "USB_REQ_SET_SEL\n");
		ret = ep0_set_sel(bdc, ctrl);
		break;

	case USB_REQ_SET_ISOCH_DELAY:
		dev_warn(bdc->dev,
		"USB_REQ_SET_ISOCH_DELAY not handled\n");
		ret = 0;
		break;

	default:
		goto delegate;
	}

	return ret;

delegate:
	/*
	 * NOTE(review): gadget_driver is dereferenced without a NULL check;
	 * presumably a driver is always bound while ep0 traffic is being
	 * processed - confirm against the bind/unbind path.
	 */
	spin_unlock(&bdc->lock);
	ret = bdc->gadget_driver->setup(&bdc->gadget, ctrl);
	spin_lock(&bdc->lock);

	return ret;
}
1507 
/*
 * EP0: data stage started.
 *
 * Clears a stall left on ep0, then processes the stored SETUP packet.  On
 * USB_GADGET_DELAYED_STATUS the state is left alone and delayed_status is
 * set; on success the state moves to WAIT_FOR_DATA_XMIT; on any other result
 * (or if the stall cannot be cleared) ep0 is stalled.
 */
void bdc_xsf_ep0_data_start(struct bdc *bdc, struct bdc_sr *sreport)
{
	struct bdc_ep *ep0 = bdc->bdc_ep_array[1];
	int rc;

	dev_dbg(bdc->dev, "%s\n", __func__);

	/* If ep0 was stalled, clear it first */
	if ((ep0->flags & BDC_EP_STALL) && ep_set_halt(ep0, 0))
		goto stall;

	/* an unexpected state is only reported, processing continues */
	if (bdc->ep0_state != WAIT_FOR_DATA_START)
		dev_warn(bdc->dev,
			"Data stage not expected ep0_state:%s\n",
			ep0_state_string[bdc->ep0_state]);

	rc = handle_control_request(bdc);
	if (rc == USB_GADGET_DELAYED_STATUS) {
		/*
		 * The ep0 state will remain WAIT_FOR_DATA_START till
		 * we received ep_queue on ep0
		 */
		bdc->delayed_status = true;
		return;
	}
	if (rc)
		goto stall;

	bdc->ep0_state = WAIT_FOR_DATA_XMIT;
	dev_dbg(bdc->dev,
		"ep0_state:%s", ep0_state_string[bdc->ep0_state]);
	return;

stall:
	ep0_stall(bdc);
}
1545 
/*
 * EP0: status stage started.
 *
 * For a two stage transfer (wLength == 0) the stored SETUP packet is
 * processed here; for a three stage transfer it was already processed when
 * the data stage started.  If the data stage has not finished transmitting
 * yet, the state becomes STATUS_PENDING and the status stage is queued later
 * from ep0_xsf_complete().  Any failure stalls ep0.
 */
void bdc_xsf_ep0_status_start(struct bdc *bdc, struct bdc_sr *sreport)
{
	struct bdc_ep *ep0 = bdc->bdc_ep_array[1];
	int ret = 0;

	dev_dbg(bdc->dev,
		"%s ep0_state:%s",
		__func__, ep0_state_string[bdc->ep0_state]);

	/* a ZLP that was still pending is no longer needed */
	bdc->zlp_needed = false;

	if ((ep0->flags & BDC_EP_STALL) && ep_set_halt(ep0, 0))
		goto stall;

	switch (bdc->ep0_state) {
	case WAIT_FOR_DATA_XMIT:
		/* Status stage will be queued upon Data stage transmit event */
		bdc->ep0_state = STATUS_PENDING;
		dev_dbg(bdc->dev,
			"status started but data  not transmitted yet\n");
		return;
	case WAIT_FOR_STATUS_START:
		break;
	default:
		/* reported only; the request is still processed below */
		dev_err(bdc->dev,
			"Status stage recv but ep0_state:%s\n",
			ep0_state_string[bdc->ep0_state]);
		break;
	}

	if (!le16_to_cpu(bdc->setup_pkt.wLength)) {
		ret = handle_control_request(bdc);
		if (ret == USB_GADGET_DELAYED_STATUS) {
			/* ep0_state will remain WAIT_FOR_STATUS_START */
			bdc->delayed_status = true;
			return;
		}
	}
	if (ret)
		goto stall;

	/* Queue a status stage BD */
	ep0_queue_status_stage(bdc);
	bdc->ep0_state = WAIT_FOR_STATUS_XMIT;
	dev_dbg(bdc->dev,
		"ep0_state:%s", ep0_state_string[bdc->ep0_state]);
	return;

stall:
	ep0_stall(bdc);
}
1607 
/*
 * Advance the ep0 state machine after a status report with XSF_SUCC or
 * XSF_SHORT.
 *
 * A test mode requested earlier through SET_FEATURE is applied here, once
 * the status stage has been transmitted; bdc->test_mode is cleared only when
 * bdc_set_test_mode() succeeds.
 */
static void ep0_xsf_complete(struct bdc *bdc, struct bdc_sr *sreport)
{
	dev_dbg(bdc->dev, "%s\n", __func__);

	switch (bdc->ep0_state) {
	case WAIT_FOR_DATA_XMIT:
		bdc->ep0_state = WAIT_FOR_STATUS_START;
		break;

	case WAIT_FOR_STATUS_XMIT:
		bdc->ep0_state = WAIT_FOR_SETUP;
		if (!bdc->test_mode)
			break;

		dev_dbg(bdc->dev, "test_mode:%d\n", bdc->test_mode);
		if (bdc_set_test_mode(bdc) < 0) {
			dev_err(bdc->dev, "Err in setting Test mode\n");
			return;
		}
		bdc->test_mode = 0;
		break;

	case STATUS_PENDING:
		/* the status stage was deferred until the data stage ended */
		bdc_xsf_ep0_status_start(bdc, sreport);
		break;

	default:
		dev_err(bdc->dev,
			"Unknown ep0_state:%s\n",
			ep0_state_string[bdc->ep0_state]);
		break;
	}
}
1641 
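/*
 * Transfer completion status report handler.
 *
 * Reads the endpoint index and completion code from word 3 of the status
 * report and dispatches on the code.  The report is produced by the
 * controller, so its fields are checked before they are used as indexes.
 */
void bdc_sr_xsf(struct bdc *bdc, struct bdc_sr *sreport)
{
	struct bdc_ep *ep;
	u32 sr_status;
	u8 ep_num;

	ep_num = (le32_to_cpu(sreport->offset[3])>>4) & 0x1f;
	/*
	 * The 5 bit field can name indexes up to 31.  bdc_init_ep() never
	 * populates a slot at or above num_eps, and the allocated size of
	 * bdc_ep_array is not visible here, so treat such an index like an
	 * endpoint that is not enabled instead of reading the slot.
	 */
	ep = ep_num < bdc->num_eps ? bdc->bdc_ep_array[ep_num] : NULL;
	if (!ep || !(ep->flags & BDC_EP_ENABLED)) {
		dev_err(bdc->dev, "xsf for ep not enabled\n");
		return;
	}
	/*
	 * check if this transfer is after link went from U3->U0 due
	 * to remote wakeup
	 */
	if (bdc->devstatus & FUNC_WAKE_ISSUED) {
		bdc->devstatus &= ~(FUNC_WAKE_ISSUED);
		dev_dbg(bdc->dev, "%s clearing FUNC_WAKE_ISSUED flag\n",
								__func__);
	}
	sr_status = XSF_STS(le32_to_cpu(sreport->offset[3]));
	dev_dbg_ratelimited(bdc->dev, "%s sr_status=%d ep:%s\n",
					__func__, sr_status, ep->name);

	switch (sr_status) {
	case XSF_SUCC:
	case XSF_SHORT:
		handle_xsr_succ_status(bdc, ep, sreport);
		if (ep_num == 1)
			ep0_xsf_complete(bdc, sreport);
		break;

	case XSF_SETUP_RECV:
	case XSF_DATA_START:
	case XSF_STATUS_START:
		if (ep_num != 1) {
			dev_err(bdc->dev,
				"ep0 related packets on non ep0 endpoint");
			return;
		}
		/*
		 * The table index is limited by the three case labels above;
		 * this assumes the three codes are consecutive starting at
		 * XSF_SETUP_RECV - TODO confirm against their definitions.
		 */
		bdc->sr_xsf_ep0[sr_status - XSF_SETUP_RECV](bdc, sreport);
		break;

	case XSF_BABB:
		if (ep_num == 1) {
			dev_dbg(bdc->dev, "Babble on ep0 zlp_need:%d\n",
							bdc->zlp_needed);
			/*
			 * If the last completed transfer had wLength >Data Len,
			 * and Len is multiple of MaxPacket,then queue ZLP
			 */
			if (bdc->zlp_needed) {
				/* queue 0 length bd */
				ep0_queue_zlp(bdc);
				return;
			}
		}
		dev_warn(bdc->dev, "Babble on ep not handled\n");
		break;
	default:
		dev_warn(bdc->dev, "sr status not handled:%x\n", sr_status);
		break;
	}
}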
1708 
/*
 * usb_ep_ops.queue: validate a request and hand it to ep0_queue() or
 * ep_queue() under bdc->lock.
 *
 * Returns -ESHUTDOWN for a missing or disabled endpoint, -EINVAL for a
 * request without a buffer or completion callback, -EOPNOTSUPP when the
 * length exceeds MAX_XFR_LEN, otherwise the result of the queue helper.
 * @gfp_flags is not used.
 */
static int bdc_gadget_ep_queue(struct usb_ep *_ep,
				struct usb_request *_req, gfp_t gfp_flags)
{
	unsigned long irq_flags;
	struct bdc_req *breq;
	struct bdc_ep *ep;
	struct bdc *bdc;
	int rc;

	if (!_ep || !_ep->desc)
		return -ESHUTDOWN;

	if (!_req || !_req->complete || !_req->buf)
		return -EINVAL;

	ep = to_bdc_ep(_ep);
	breq = to_bdc_req(_req);
	bdc = ep->bdc;
	dev_dbg(bdc->dev, "%s ep:%p req:%p\n", __func__, ep, breq);
	dev_dbg(bdc->dev, "queuing request %p to %s length %d zero:%d\n",
				_req, ep->name, _req->length, _req->zero);

	if (!ep->usb_ep.desc) {
		dev_warn(bdc->dev,
			"trying to queue req %p to disabled %s\n",
			_req, ep->name);
		return -ESHUTDOWN;
	}

	/* refuse anything larger than one transfer can describe */
	if (_req->length > MAX_XFR_LEN) {
		dev_warn(bdc->dev,
			"req length > supported MAX:%d requested:%d\n",
			MAX_XFR_LEN, _req->length);
		return -EOPNOTSUPP;
	}

	spin_lock_irqsave(&bdc->lock, irq_flags);
	/* slot 1 of bdc_ep_array is ep0, which has its own queue path */
	rc = (ep == bdc->bdc_ep_array[1]) ? ep0_queue(ep, breq) :
					     ep_queue(ep, breq);
	spin_unlock_irqrestore(&bdc->lock, irq_flags);

	return rc;
}
1754 
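/*
 * usb_ep_ops.dequeue: cancel a request that is queued on this endpoint.
 *
 * The caller's pointer is only compared against the entries of ep->queue; it
 * is acted on solely when a queued entry matches, so a request that belongs
 * to another endpoint or was never queued is rejected with -EINVAL.
 *
 * Returns 0 after completing the request with -ECONNRESET, -EINVAL for bad
 * arguments or an unknown request, -EOPNOTSUPP when ep_dequeue() fails (its
 * own error code is not passed on).
 */
static int bdc_gadget_ep_dequeue(struct usb_ep *_ep,
				  struct usb_request *_req)
{
	struct bdc_req *req = NULL;
	struct bdc_req *iter;
	unsigned long flags;
	struct bdc_ep *ep;
	struct bdc *bdc;
	int ret;

	if (!_ep || !_req)
		return -EINVAL;

	ep = to_bdc_ep(_ep);
	bdc = ep->bdc;
	dev_dbg(bdc->dev, "%s ep:%s req:%p\n", __func__, ep->name,
		to_bdc_req(_req));
	/* NOTE(review): this dump runs before bdc->lock is taken - confirm */
	bdc_dbg_bd_list(bdc, ep);
	spin_lock_irqsave(&bdc->lock, flags);

	/* make sure it's still queued on this endpoint */
	list_for_each_entry(iter, &ep->queue, queue) {
		if (&iter->usb_req == _req) {
			req = iter;
			break;
		}
	}
	if (!req) {
		spin_unlock_irqrestore(&bdc->lock, flags);
		/* the message used to end in a stray " n" instead of "\n" */
		dev_err(bdc->dev, "usb_req !=req\n");
		return -EINVAL;
	}

	ret = ep_dequeue(ep, req);
	if (ret)
		ret = -EOPNOTSUPP;
	else
		bdc_req_complete(ep, req, -ECONNRESET);

	bdc_dbg_bd_list(bdc, ep);
	spin_unlock_irqrestore(&bdc->lock, flags);

	return ret;
}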
1801 
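/*
 * usb_ep_ops.set_halt: set (value != 0) or clear the halt condition.
 *
 * Returns -EINVAL for a NULL endpoint, an endpoint without a descriptor or
 * an isochronous endpoint, -EAGAIN while requests are still queued,
 * otherwise the result of ep_set_halt().
 */
static int bdc_gadget_ep_set_halt(struct usb_ep *_ep, int value)
{
	unsigned long flags;
	struct bdc_ep *ep;
	struct bdc *bdc;
	int ret;

	/* same argument check the other endpoint operations perform */
	if (!_ep)
		return -EINVAL;

	ep = to_bdc_ep(_ep);
	bdc = ep->bdc;
	dev_dbg(bdc->dev, "%s ep:%s value=%d\n", __func__, ep->name, value);
	spin_lock_irqsave(&bdc->lock, flags);
	/*
	 * bdc_gadget_ep_queue() treats a NULL descriptor as a disabled
	 * endpoint; check for it here as well, because
	 * usb_endpoint_xfer_isoc() reads through the pointer.
	 */
	if (!ep->usb_ep.desc)
		ret = -EINVAL;
	else if (usb_endpoint_xfer_isoc(ep->usb_ep.desc))
		ret = -EINVAL;
	else if (!list_empty(&ep->queue))
		ret = -EAGAIN;
	else
		ret = ep_set_halt(ep, value);

	spin_unlock_irqrestore(&bdc->lock, flags);

	return ret;
}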
1824 
/*
 * usb_ep_ops.alloc_request: allocate a zeroed bdc_req bound to this endpoint
 * and return the usb_request embedded in it, or NULL when the allocation
 * fails.  @_ep is not checked for NULL.  The request is released with
 * bdc_gadget_free_request().
 */
static struct usb_request *bdc_gadget_alloc_request(struct usb_ep *_ep,
						     gfp_t gfp_flags)
{
	struct bdc_ep *ep = to_bdc_ep(_ep);
	struct bdc_req *breq;

	breq = kzalloc_obj(*breq, gfp_flags);
	if (!breq)
		return NULL;

	breq->ep = ep;
	breq->epnum = ep->ep_num;
	/* the request starts out without a DMA mapping */
	breq->usb_req.dma = DMA_ADDR_INVALID;
	dev_dbg(ep->bdc->dev, "%s ep:%s req:%p\n", __func__, ep->name, breq);

	return &breq->usb_req;
}
1843 
/*
 * usb_ep_ops.free_request: free the bdc_req that embeds @_req.
 *
 * @_req has to be a request returned by bdc_gadget_alloc_request(); no NULL
 * check is made and nothing here verifies that the request is no longer
 * queued.
 */
static void bdc_gadget_free_request(struct usb_ep *_ep,
				     struct usb_request *_req)
{
	kfree(to_bdc_req(_req));
}
1852 
1853 /* endpoint operations */
1854 
/*
 * usb_ep_ops.enable: configure an endpoint and allocate its resources.
 *
 * Returns -EINVAL for missing arguments, a descriptor that is not an
 * endpoint descriptor or has a zero wMaxPacketSize, or an attempt to enable
 * ep0; -ESHUTDOWN when no gadget driver is bound or the speed is unknown;
 * otherwise the result of bdc_ep_enable(), which runs under bdc->lock.
 */
static int bdc_gadget_ep_enable(struct usb_ep *_ep,
				 const struct usb_endpoint_descriptor *desc)
{
	unsigned long irq_flags;
	struct bdc_ep *ep;
	struct bdc *bdc;
	int rc;

	if (!_ep || !desc || desc->bDescriptorType != USB_DT_ENDPOINT) {
		pr_debug("%s invalid parameters\n", __func__);
		return -EINVAL;
	}

	if (!desc->wMaxPacketSize) {
		pr_debug("%s missing wMaxPacketSize\n", __func__);
		return -EINVAL;
	}

	ep = to_bdc_ep(_ep);
	bdc = ep->bdc;

	/* Sanity check, upper layer will not send enable for ep0 */
	if (bdc->bdc_ep_array[1] == ep)
		return -EINVAL;

	/* these two are read before bdc->lock is taken */
	if (!bdc->gadget_driver)
		return -ESHUTDOWN;
	if (bdc->gadget.speed == USB_SPEED_UNKNOWN)
		return -ESHUTDOWN;

	dev_dbg(bdc->dev, "%s Enabling %s\n", __func__, ep->name);

	spin_lock_irqsave(&bdc->lock, irq_flags);
	ep->desc = desc;
	ep->comp_desc = _ep->comp_desc;
	rc = bdc_ep_enable(ep);
	spin_unlock_irqrestore(&bdc->lock, irq_flags);

	return rc;
}
1895 
/*
 * usb_ep_ops.disable: disable an endpoint.
 *
 * Returns -EINVAL for a NULL endpoint or for ep0, 0 when the endpoint is
 * already disabled, otherwise the result of bdc_ep_disable(), which runs
 * under bdc->lock.
 */
static int bdc_gadget_ep_disable(struct usb_ep *_ep)
{
	unsigned long irq_flags;
	struct bdc_ep *ep;
	struct bdc *bdc;
	int rc;

	if (!_ep) {
		pr_debug("bdc: invalid parameters\n");
		return -EINVAL;
	}
	ep = to_bdc_ep(_ep);
	bdc = ep->bdc;

	/* Upper layer will not call this for ep0, but do a sanity check */
	if (bdc->bdc_ep_array[1] == ep) {
		dev_warn(bdc->dev, "%s called for ep0\n", __func__);
		return -EINVAL;
	}
	dev_dbg(bdc->dev,
		"%s() ep:%s ep->flags:%08x\n",
		__func__, ep->name, ep->flags);

	if (ep->flags & BDC_EP_ENABLED) {
		spin_lock_irqsave(&bdc->lock, irq_flags);
		rc = bdc_ep_disable(ep);
		spin_unlock_irqrestore(&bdc->lock, irq_flags);
		return rc;
	}

	/* nothing to do; only warn while a speed is still known */
	if (bdc->gadget.speed != USB_SPEED_UNKNOWN)
		dev_warn(bdc->dev, "%s is already disabled\n",
			 ep->name);

	return 0;
}
1931 
/* Endpoint operations installed on every endpoint by init_ep() */
static const struct usb_ep_ops bdc_gadget_ep_ops = {
	.enable		= bdc_gadget_ep_enable,
	.disable	= bdc_gadget_ep_disable,
	.alloc_request	= bdc_gadget_alloc_request,
	.free_request	= bdc_gadget_free_request,
	.queue		= bdc_gadget_ep_queue,
	.dequeue	= bdc_gadget_ep_dequeue,
	.set_halt	= bdc_gadget_ep_set_halt,
};
1941 
/*
 * Allocate and register one endpoint.  dir = 1 is IN.
 *
 * @epnum 1 is ep0 and is stored in slot 1 of bdc->bdc_ep_array; any other
 * @epnum is stored in slot epnum * 2 - 1 (IN) or epnum * 2 - 2 (OUT).  The
 * slot is not range checked here, so the caller has to keep @epnum within
 * the bounds of the array.  The allocation is owned by bdc_ep_array from
 * here on; nothing in this function frees it.
 *
 * Returns 0 on success or -ENOMEM.
 */
static int init_ep(struct bdc *bdc, u32 epnum, u32 dir)
{
	bool is_ep0 = (epnum == 1);
	struct usb_ep *uep;
	struct bdc_ep *ep;

	dev_dbg(bdc->dev, "%s epnum=%d dir=%d\n", __func__, epnum, dir);
	ep = kzalloc_obj(*ep);
	if (!ep)
		return -ENOMEM;

	uep = &ep->usb_ep;
	ep->bdc = bdc;
	ep->dir = dir;

	if (dir)
		uep->caps.dir_in = true;
	else
		uep->caps.dir_out = true;

	/* ep->ep_num is the index inside bdc_ep */
	if (is_ep0)
		ep->ep_num = 1;
	else
		ep->ep_num = dir ? epnum * 2 - 1 : epnum * 2 - 2;
	bdc->bdc_ep_array[ep->ep_num] = ep;

	if (is_ep0) {
		snprintf(ep->name, sizeof(ep->name), "ep%d", epnum - 1);
		usb_ep_set_maxpacket_limit(uep, EP0_MAX_PKT_SIZE);
		uep->caps.type_control = true;
		ep->comp_desc = NULL;
		bdc->gadget.ep0 = uep;
	} else {
		snprintf(ep->name, sizeof(ep->name), "ep%d%s", epnum - 1,
			 dir & 1 ? "in" : "out");

		usb_ep_set_maxpacket_limit(uep, 1024);
		uep->caps.type_iso = true;
		uep->caps.type_bulk = true;
		uep->caps.type_int = true;
		uep->max_streams = 0;
		/* only non-control endpoints go on the gadget's ep_list */
		list_add_tail(&uep->ep_list, &bdc->gadget.ep_list);
	}

	uep->ops = &bdc_gadget_ep_ops;
	uep->name = ep->name;
	ep->flags = 0;
	ep->ignore_next_sr = false;
	dev_dbg(bdc->dev, "ep=%p ep->usb_ep.name=%s epnum=%d ep->epnum=%d\n",
				ep, ep->usb_ep.name, epnum, ep->ep_num);

	INIT_LIST_HEAD(&ep->queue);

	return 0;
}
1997 
/*
 * Initialise ep0 and then an OUT and an IN endpoint for every epnum from 2
 * up to bdc->num_eps / 2.
 *
 * Returns 0 on success or the first init_ep() error.  Endpoints created
 * before a failure are left in bdc->bdc_ep_array; releasing them is
 * presumably the caller's job - confirm against the error path of the
 * caller.
 */
int bdc_init_ep(struct bdc *bdc)
{
	u8 epnum;
	u32 dir;
	int rc;

	dev_dbg(bdc->dev, "%s()\n", __func__);
	INIT_LIST_HEAD(&bdc->gadget.ep_list);

	/* init ep0 */
	rc = init_ep(bdc, 1, 0);
	if (rc) {
		dev_err(bdc->dev, "init ep ep0 fail %d\n", rc);
		return rc;
	}

	for (epnum = 2; epnum <= bdc->num_eps / 2; epnum++) {
		/* dir 0 (OUT) first, then dir 1 (IN) */
		for (dir = 0; dir <= 1; dir++) {
			rc = init_ep(bdc, epnum, dir);
			if (rc) {
				dev_err(bdc->dev,
					"init ep failed for:%d error: %d\n",
					epnum, rc);
				return rc;
			}
		}
	}

	return 0;
}
2035